AVG-837

Package libarchive
Status Vulnerable
Severity High
Type multiple issues
Affected 3.3.3-1
Fixed Unknown
Current 3.3.3-1 [core]
Ticket Create
Created Sun Jan 6 15:06:08 2019
Issue Severity Remote Type Description
CVE-2018-1000880 High No Denial of service
A resource consumption issue has been found in libarchive >= 3.2.0 and <=3.3.3, in the _warc_read() function in archive_read_support_format_warm.c. An...
CVE-2018-1000879 Low No Denial of service
A NULL-pointer dereference issue has been found in libarchive >= 3.3.0 and <=3.3.3, in the archive_acl_from_text_l() function in archive_acl.c. An attacker...
CVE-2018-1000878 High No Arbitrary code execution
A use-after-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the archive_read_format_rar_read_header() function in...
CVE-2018-1000877 High No Arbitrary code execution
A double-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the parse_codes() function in archive_read_support_format_rar.c. An attacker can...
References
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
https://github.com/libarchive/libarchive/pull/1105